Single DNS Domain with Internet Connection and Separate Gateway

Although the previous section describes a completely valid sendmail configuration, it is often desirable to separate the function of the mail hub from the mail gateway. This separation enables you to put the mail hub inside a protective firewall, shielding it from direct attacks on sendmail. You would put the gateway on the firewall's DMZ network (preferred) or outside the firewall. In this way, you can monitor any attacks on the gateway. If compromised, the gateway has only its sendmail configuration file stored on it.

The following example still uses the starlight.com domain with three sendmail configuration files to implement this change.

  1. One for the gateway named gw.starlight.com ...

Get Solaris™ 8 Advanced System Administrator's Guide, Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.